Solved: Re: Is it possible to disable the Non SSL Anyconnect Login

Scott Dunseth · ‎06-07-2023

I am doing a vulnerability scan of our NGFW 1120 and I am able to see the unsecure site that shows the IP and VPN login - is there a way that we can disable the access to the unsecure side and only allow the SSL connection to be visible?

Thank you

Marvin Rhoads · ‎06-09-2023

"Not secure", when shown in a browser toolbar like you shared, usually means the certificate common name (or subject alternate name) does not match the FQDN you scanned. For instance, scanning using the IP address instead of the FQDN will usually show such output.

For a better scanning option, I typically use ssllabs.com server test here: https://www.ssllabs.com/ssltest/

View solution in original post

MHM Cisco World · ‎06-07-2023

can you more elaborate?

Scott Dunseth · ‎06-07-2023

I am scanning the external IP of our Firewall NGFW 1120 - the scan is picking up the IP Address of the vpn, and the secure site of the vpn is good (as expected). Here is the example (below) Is it possible to block the access to this - so that the Secure VPN site is the only accessible site shown. (Screenshot at the bottom)

Secure Site

Thank you

Marvin Rhoads · ‎06-09-2023

"Not secure", when shown in a browser toolbar like you shared, usually means the certificate common name (or subject alternate name) does not match the FQDN you scanned. For instance, scanning using the IP address instead of the FQDN will usually show such output.

For a better scanning option, I typically use ssllabs.com server test here: https://www.ssllabs.com/ssltest/

Scott Dunseth · ‎09-26-2023

I would like to make sure the Firewall does not show the unsecure site. I would like the Secure Site with the Cert to be the only one available.

Thank you